Re: perf test "object code reading" segfaulting via usercopy check

2016-09-10 Thread Jiri Olsa
On Fri, Sep 09, 2016 at 12:47:20PM -0300, Arnaldo Carvalho de Melo wrote:
> On Fri, Sep 09, 2016 at 05:41:25PM +0200, Jiri Olsa wrote:
> > On Fri, Sep 09, 2016 at 12:36:26PM -0300, Arnaldo Carvalho de Melo wrote:
> > > Hi Adrian,
> > > 
> > >   I noticed that 'perf test "object code reading"' is segfaulting
> > > here:
> > > 
> > > [root@jouet linux]# perf test -F "object code reading"
> > > 21: Test object code reading :Segmentation fault
> > > [root@jouet linux]# 
> > > 
> > > dmesg output below, trying to figure this out...
> > 
> > heya,
> > it's the new hardened user copy check.. I sent patches for that:
> > 
> >   http://marc.info/?l=linux-kernel&m=147332143929289&w=2
> >   http://marc.info/?l=linux-kernel&m=147332145229291&w=2
> 
> Cool, but that is for the kernel, without thinking too much about it, is
> there a way to change that 'perf test' entry to avoid doing what
> triggers the segfault?
> 
> My first thought was that it was reading 4K all the way to the end,
> where it should instead read just what is remaining, but I haven't
> checked this theory at all.

it's actually reading within the bounds of kernel text that triggers
that, it's the new CONFIG_HARDENED_USERCOPY feature:
  f5509cc18daa mm: Hardened usercopy

check the change log, there's a list of conditions and
one of them is:
  - object must not overlap with kernel text

jirka
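
A user-space model of the condition quoted in the message above ("object must not overlap with kernel text"), added here as an illustration; it is not code from the kernel or from anyone in the thread. The text range, chunk size and function names are constructed for the example. It walks the text range in 4K reads with and without shortening the final read to the remaining bytes, and counts how many reads the check rejects.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed kernel text range for the model (not the addresses in the oops). */
#define TEXT_START 0xffffffff81000000ULL
#define TEXT_END   0xffffffff81003800ULL /* exclusive, deliberately not 4K aligned */
#define CHUNK      4096ULL

/* True when [ptr, ptr + n) intersects [low, high). */
static bool overlaps(uint64_t ptr, uint64_t n, uint64_t low, uint64_t high)
{
    uint64_t check_high = ptr + n;

    /* No overlap if the object lies entirely above or entirely below. */
    if (ptr >= high || check_high <= low)
        return false;
    return true;
}

/*
 * Model of the single condition quoted in the thread: the source object of
 * a copy to user space must not overlap kernel text. Zero-length copies are
 * treated as allowed (an assumption of this model).
 */
static bool usercopy_allowed(uint64_t src, uint64_t n)
{
    if (n == 0)
        return true;
    return !overlaps(src, n, TEXT_START, TEXT_END);
}

/*
 * Read [start, end) in CHUNK-sized pieces. With clamp set, the last read is
 * shortened to the bytes remaining. Returns the number of reads the check
 * rejects and stores the number of reads issued in *total.
 */
static unsigned rejected_reads(uint64_t start, uint64_t end, bool clamp,
                               unsigned *total)
{
    unsigned rejected = 0;

    *total = 0;
    for (uint64_t pos = start; pos < end; pos += CHUNK) {
        uint64_t n = CHUNK;

        if (clamp && end - pos < CHUNK)
            n = end - pos;
        (*total)++;
        if (!usercopy_allowed(pos, n))
            rejected++;
    }
    return rejected;
}

int main(void)
{
    unsigned total, rejected;

    rejected = rejected_reads(TEXT_START, TEXT_END, false, &total);
    printf("full 4K reads:    %u of %u rejected\n", rejected, total);

    rejected = rejected_reads(TEXT_START, TEXT_END, true, &total);
    printf("clamped last read: %u of %u rejected\n", rejected, total);

    /* A read that starts exactly at the end of text does not overlap. */
    printf("read at TEXT_END allowed: %d\n", usercopy_allowed(TEXT_END, CHUNK));
    return 0;
}
```

In this model every read is rejected under both policies, so the length of the final read makes no difference: any source range that lies in kernel text fails the condition.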


Re: perf test "object code reading" segfaulting via usercopy check

2016-09-09 Thread Arnaldo Carvalho de Melo
On Fri, Sep 09, 2016 at 05:41:25PM +0200, Jiri Olsa wrote:
> On Fri, Sep 09, 2016 at 12:36:26PM -0300, Arnaldo Carvalho de Melo wrote:
> > Hi Adrian,
> > 
> > I noticed that 'perf test "object code reading"' is segfaulting
> > here:
> > 
> > [root@jouet linux]# perf test -F "object code reading"
> > 21: Test object code reading :Segmentation fault
> > [root@jouet linux]# 
> > 
> > dmesg output below, trying to figure this out...
> 
> heya,
> it's the new hardened user copy check.. I sent patches for that:
> 
>   http://marc.info/?l=linux-kernel&m=147332143929289&w=2
>   http://marc.info/?l=linux-kernel&m=147332145229291&w=2

Cool, but that is for the kernel, without thinking too much about it, is
there a way to change that 'perf test' entry to avoid doing what
triggers the segfault?

My first thought was that it was reading 4K all the way to the end,
where it should instead read just what is remaining, but I haven't
checked this theory at all.

- Arnaldo
 

Re: perf test "object code reading" segfaulting via usercopy check

2016-09-09 Thread Jiri Olsa
On Fri, Sep 09, 2016 at 12:36:26PM -0300, Arnaldo Carvalho de Melo wrote:
> Hi Adrian,
> 
>   I noticed that 'perf test "object code reading"' is segfaulting
> here:
> 
> [root@jouet linux]# perf test -F "object code reading"
> 21: Test object code reading :Segmentation fault
> [root@jouet linux]# 
> 
> dmesg output below, trying to figure this out...

heya,
it's the new hardened user copy check.. I sent patches for that:

  http://marc.info/?l=linux-kernel&m=147332143929289&w=2
  http://marc.info/?l=linux-kernel&m=147332145229291&w=2

jirka


perf test "object code reading" segfaulting via usercopy check

2016-09-09 Thread Arnaldo Carvalho de Melo
Hi Adrian,

I noticed that 'perf test "object code reading"' is segfaulting
here:

[root@jouet linux]# perf test -F "object code reading"
21: Test object code reading :Segmentation fault
[root@jouet linux]# 

dmesg output below, trying to figure this out...

- Arnaldo

[27229.248484] usercopy: kernel memory exposure attempt detected from 
bd064000 () (4096 bytes)
[27229.248510] [ cut here ]
[27229.249685] kernel BUG at /home/acme/git/linux/mm/usercopy.c:75!
[27229.250870] invalid opcode:  [#24] SMP
[27229.252024] Modules linked in: dccp_diag dccp tcp_diag udp_diag inet_diag 
unix_diag uas usb_storage veth xfs vhost_net vhost macvtap macvlan ccm 
hid_apple rfcomm fuse xt_CHECKSUM ipt_MASQUERADE nf_nat_masquerade_ipv4 tun 
xt_addrtype br_netfilter dm_thin_pool dm_persistent_data dm_bio_prison 
libcrc32c nf_conntrack_netbios_ns nf_conntrack_broadcast ip6t_rpfilter 
ip6t_REJECT nf_reject_ipv6 xt_conntrack ip_set nfnetlink ebtable_broute bridge 
stp llc ebtable_nat ip6table_raw ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 
nf_nat_ipv6 ip6table_mangle ip6table_security iptable_raw iptable_nat 
nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle 
iptable_security ebtable_filter ebtables ip6table_filter ip6_tables cmac bnep 
btrfs xor raid6_pq loop snd_usb_audio snd_usbmidi_lib snd_rawmidi
[27229.255901]  intel_rapl x86_pkg_temp_thermal coretemp arc4 iwlmvm kvm_intel 
kvm mac80211 irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel 
intel_cstate intel_rapl_perf snd_hda_codec_realtek snd_hda_codec_hdmi 
snd_hda_codec_generic mei_wdt iwlwifi iTCO_wdt iTCO_vendor_support cfg80211 
uvcvideo snd_hda_intel videobuf2_vmalloc gspca_ov534 videobuf2_memops joydev 
pcspkr snd_hda_codec intel_pch_thermal gspca_main videobuf2_v4l2 rtsx_pci_ms 
v4l2_common i2c_i801 videobuf2_core btusb snd_hda_core snd_seq i2c_smbus 
memstick shpchp videodev btrtl btbcm btintel bluetooth snd_seq_device media 
lpc_ich snd_hwdep snd_pcm mei_me snd_timer mei thinkpad_acpi snd wmi soundcore 
rfkill tpm_tis tpm_tis_core tpm intel_rst nfsd auth_rpcgss nfs_acl lockd grace 
sunrpc binfmt_misc i915 i2c_algo_bit drm_kms_helper
[27229.260080]  rtsx_pci_sdmmc mmc_core drm e1000e crc32c_intel rtsx_pci ptp 
serio_raw pps_core fjes video
[27229.262890] CPU: 0 PID: 24116 Comm: perf Tainted: G  D 
4.8.0-rc5-perf-core-branch_stack_annotate+ #3
[27229.264312] Hardware name: LENOVO 20BX001LUS/20BX001LUS, BIOS JBET49WW (1.14 
) 05/21/2015
[27229.265737] task: 96b1b0295880 task.stack: 96b14697
[27229.267187] RIP: 0010:[]  [] 
__check_object_size+0x10c/0x3b6
[27229.268638] RSP: 0018:96b146973da0  EFLAGS: 00010286
[27229.270105] RAX: 0064 RBX: bd064000 RCX: 
[27229.271595] RDX:  RSI: 96b23dc0dfe8 RDI: 96b23dc0dfe8
[27229.273068] RBP: 96b146973dc0 R08: 0003caa4 R09: 0005
[27229.274568] R10: 0018 R11: 0daa R12: 1000
[27229.276045] R13: 0001 R14: bd065000 R15: 96b146973f18
[27229.277511] FS:  7f5a9f9337c0() GS:96b23dc0() 
knlGS:
[27229.278930] CS:  0010 DS:  ES:  CR0: 80050033
[27229.280348] CR2: 7f5a9f8b3006 CR3: 00014a06d000 CR4: 003427f0
[27229.281794] DR0: 0047eba0 DR1: 0047e4c0 DR2: 01fe75f0
[27229.283242] DR3:  DR6: fffe0ff0 DR7: 0400
[27229.284662] Stack:
[27229.286021]  1000 1000 03e76b28 
bd064000
[27229.287387]  96b146973e20 bd2ce1e3  
7ffca1a2c980
[27229.288700]  000db0295880 3000 95f34628 
96b233dcc180
[27229.289983] Call Trace:
[27229.291244]  [] ? 
kvm_check_and_clear_guest_paused+0x10/0x50
[27229.292465]  [] read_kcore+0x263/0x340
[27229.293653]  [] proc_reg_read+0x42/0x70
[27229.294824]  [] __vfs_read+0x37/0x150
[27229.295959]  [] ? security_file_permission+0xa0/0xc0
[27229.297087]  [] vfs_read+0x96/0x130
[27229.298205]  [] SyS_pread64+0x95/0xb0
[27229.299334]  [] entry_SYSCALL_64_fastpath+0x1a/0xa4
[27229.300461] Code: 56 02 00 00 49 c7 c0 de d3 a4 bd 48 c7 c2 5c b6 a2 bd 48 
c7 c6 39 19 a4 bd 4d 89 e1 48 89 d9 48 c7 c7 b0 9e a4 bd e8 ee 07 f7 ff <0f> 0b 
48 89 c2 4c 89 e6 48 89 df e8 74 02 fe ff 48 85 c0 49 89 
[27229.301687] RIP  [] __check_object_size+0x10c/0x3b6
[27229.302874]  RSP 
[27229.304055] hpet1: lost 3 rtc interrupts
[27229.304079] ---[ end trace 60cb58c77b724270 ]---
[root@jouet linux]#

